As geeks, we're well aware of the importance of running as a normal user instead of as root (UNIX/Linux/BSD) or administrator (Windows). However, while this should be common knowledge to anyone reading OSNews, it's often hard to illustrate just how important it is - until now, that is. A report by BeyondTrust looked at how many security bulletins issused by Microsoft are mitigated by simply... Not running as administrator.

Simply create a new "token user" account on the network dc.
Add it to the local admin group of the machine.
Generate all security tokens using this user account.
Run all apps needing admin rights using runnas.exe and its associated TOK file.

For additional security lock the user account down by putting in its own restricted user organizational unit (restricted by gpo)